User Interaction Design for Secure Systems

Ka-Ping Yee

EECS Department
University of California, Berkeley
Technical Report No. UCB/CSD-02-1184
May 2002

http://www2.eecs.berkeley.edu/Pubs/TechRpts/2002/CSD-02-1184.pdf

The security of any computer system that is configured and operated by human beings critically depends on the information conveyed by the user interface, the decisions of the computer users, and the interpretation of their actions. We establish some starting points for reasoning about security from a user-centered point of view, by modelling a system in terms of actors and actions and introducing the concept of the subjective actor-ability state. We identify ten key principles for user interaction design in secure systems and give case studies to illustrate and justify each principle, describing real-world problems and possible solutions. We anticipate that this work will help guide the design and evaluation of secure systems.

BibTeX citation:

@techreport{Yee:CSD-02-1184,
    Author = {Yee, Ka-Ping},
    Title = {User Interaction Design for Secure Systems},
    Institution = {EECS Department, University of California, Berkeley},
    Year = {2002},
    Month = {May},
    URL = {http://www2.eecs.berkeley.edu/Pubs/TechRpts/2002/5658.html},
    Number = {UCB/CSD-02-1184},
    Abstract = {The security of any computer system that is configured and operated by human beings critically depends on the information conveyed by the user interface, the decisions of the computer users, and the interpretation of their actions. We establish some starting points for reasoning about security from a user-centered point of view, by modelling a system in terms of actors and actions and introducing the concept of the subjective actor-ability state. We identify ten key principles for user interaction design in secure systems and give case studies to illustrate and justify each principle, describing real-world problems and possible solutions. We anticipate that this work will help guide the design and evaluation of secure systems.}
}

EndNote citation:

%0 Report
%A Yee, Ka-Ping
%T User Interaction Design for Secure Systems
%I EECS Department, University of California, Berkeley
%D 2002
%@ UCB/CSD-02-1184
%U http://www2.eecs.berkeley.edu/Pubs/TechRpts/2002/5658.html
%F Yee:CSD-02-1184